If you want to get authlogic working in a fresh rails 3 project, it will take a bit more steps than devise. This has everything to do with vision: authlogic only claims to deliver you the backend, allowing itself to remain more stable and to easily replace other authentication libraries (even your home-brewn). That seems a great philosophy, but starting from scratch involves more steps.

First you need to setup a clean rails3 project, as i described before.

Install the gem

As simple as adding the following line to your Gemfile :

gem "authlogic"
gem "rails3-generators"

(note: you need the rails3-generators to include the needed generators).

Then run bundle install or bundle update.

Create the UserSession

rails g authlogic:session UserSession

This would be all, but in my installation it was not enough. Something inside rails3 broke the authlogic session.
But the fix, luckily, is pretty easy: you have to add the to_key function.

The next steps would be to add some user management, or allowing users to sign up themselves, and maybe add some roles to limit certain users access if needed.

Now, to contrast this with devise: i now have a bunch of code in my application that actually is not specific to my code, but is also completely not tested. I will provide example rspec tests for this later.

Actually, the problem with this scenario as outlined, is it is one big bang. You should start little, declaring things you need to be able to do, and work in little steps to get there. But this scenario is intended as a draft to see how you could get there. Now, in your real application, you should start with the tests, and then from this example you now how you can implement it.If you want to get authlogic working in a fresh rails 3 project, it will take a bit more steps than devise. This has everything to do with vision: authlogic only claims to deliver you the backend, allowing itself to remain more stable and to easily replace other authentication libraries (even your home-brewn). That seems a great philosophy, but starting from scratch involves more steps.

First you need to setup a clean rails3 project, as i described before.

Install the gem

As simple as adding the following line to your Gemfile :

gem "authlogic"

and then run bundle install or bundle update.

Create the UserSession

rails g authlogic:session UserSession

This would be all, but in my installation it was not enough. Something inside rails3 broke the authlogic session.
But the fix, luckily, is pretty easy: you have to add the to_key function.

The next steps would be to add some user management, or allowing users to sign up themselves, and maybe add some roles to limit certain users access if needed.

Now, to contrast this with devise: i now have a bunch of code in my application that actually is not specific to my code, but is also completely not tested. I will provide example rspec tests for this later.

Actually, the problem with this scenario as outlined, is it is one big bang. You should start little, declaring things you need to be able to do, and work in little steps to get there. But this scenario is intended as a draft to see how you could get there. Now, in your real application, you should start with the tests, and then from this example you now how you can implement it.

Devise is using warden, a rack-middleware to do the authentication. That makes it a very clean solution, and very extendible. That is an extra feature. But indeed, the availability of the extensions could be an easy selector. For me it was OAuth (i needed v1 and didn’t get Warden to do it).
I think that Devise has the more modern/clean implementation and is bound to become the implementation of choice soon (where i believe up until now, and definitely for rails 2.3 it still is authlogic).

Mmmm in my how-to there is no PeopleController, in my ApplicationController there is no method current_session. A bit hard for me to help you then. But you seem to be calling a method ‘login_field’ inside your method ‘current_session’, which it claims doesn’t exist. Seems a good place to go looking then.

Thanks for posting this – I had been struggling with getting Rails 3 and Authlogic to work and the patch solved the problem.
I agree with you however, there seems to be a lot of activity around Devise and this seems to be the authentication solution of choice for Rails 3.
Authlogic seems to have stalled and I was never happy with the testing side.

Thx for the tutorial – it helped me get one rails 3 application up and running w/ Authlogic – including account activation and password reset. However I started a new project and instead of the User model as you’ve described above, I called it Account (but with the same fields) and am getting the following error:

My ApplicationController class is almost exactly the same as you’ve provided above, except I’ve substituted ‘account’ for ‘user’ everywhere but the current_user_session. So, for example, ‘require_user’ method is now ‘require_account’

So, I’m wondering if Authlogic is expecting the ‘acts_as_authentic’ model to be named “User” – does anyone know if that’s the case? or what else may be causing my problem?

This article was verry useful! (thanks to primordial too, I’ve had the same problem).

But I’ve also got one question:

I want to store the username in a hidden form field (in another model, e.g. posts or something like that), but how do I access it? There must be a value stored in the UserSession model but I have no idea how to access it. Thank you in advance.

Thanks Nathan for the Authlogic write up. It’s very helpful for looking at Authlogic in general. However, after developing software for over a decade, I strongly feel overwriting the to_key method is the responsibility of Authlogic.

It’s simple and cleaner. Then just gem update to the latest Authlogic version once it’s patched. Anything less is just adding technical debt to your project before it’s even launched. Why would you do that?

@Adam Vana: indeed what you say is true. Ideally you would fork the project, fix it, and ask the original author to pull it back in. I did not want to do that, but indeed: the fix that is described in the post you mention is much cleaner and simple.

The reason why i did it is quite obvious: i did not know the solution, and wanted to get it working ;)

Anyway i heard that if you use the latest authlogic code from the git-source, it should all be working. I will test that out and update the code accordingly.

But for any new rails project i would suggest using devise instead of authlogic.

Hi and thank you for the post.
I’m trying to make this work on rails 3, but I get undefined method `login’ for # . Any ideas would be greatly appreciated :) I’m new to ruby & rails but I’m really trying to get on board

thank, this was really helpful, especial the to_key method inside the model, it was really a pain trying to figure out why the new in user_sessions was failing on that method.
By the way can you tell me the significance of that method.

Thanks for this tutorial, it really helped me get started with authlogic. I was starting from scratch and wish I had’ve used Devise now, but at least authlogic seems to be working :). I’ll give devise a shot for my next app to see how it compares.

Nice guide! I am running into an issue however. Everything works as written up until people try to register. Even if they provide valid information, the app returns them to the form with this error:

[“Email is too short (minimum is 6 characters)”, “Email should look like an email address.”, “Login is too short (minimum is 3 characters)”, “Login should use only letters, numbers, spaces, and .-_@ please.”]

The article is very great! I have searched this issue for long time. But I still have a question about the route.rb , Could you paste the route.rb for detail?
My route.rb is below:
Testauth::Application.routes.draw do
get “home/index”

I’m getting an error saying
Could not find generator authlogic:session
just before the error it shows
Called from: /home/nithin/.rvm/gems/ruby-1.9.3-p362/gems/actionpack-3.2.3/lib/action_dispatch/middleware/session/abstract_store.rb:28:in `initialize’.

Hey Nathan, I am trying to convert a rails 2 project to rails 3 and i have authlogic already setup for my rails2 but it does not work for rails 3. This is what i get as result
Error: uninitialized constant ApplicationController::UserSession
Do you have any idea hoe can i get around this problem> thanks

Well, a bit hard to do without the code, but I can make some educated guesses :) I am guessing
you get this error in the ApplicationController? And you are referring to the UserSession, but somehow that is not known there.

So: where is your UserSession defined? how is that file named? It should be user_session.rb (or ruby/rails will not find it automatically).